GHSA-mvm6-f9r3-fgfx: AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction

March 27, 2026

This notification is related to the CloudFront signing utilities in the AWS SDK for .NET, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and backslashes, in input values.

References

github.com/advisories/GHSA-mvm6-f9r3-fgfx
github.com/aws/aws-sdk-net
github.com/aws/aws-sdk-net/security/advisories/GHSA-mvm6-f9r3-fgfx

Code Behaviors & Features

Detect and mitigate GHSA-mvm6-f9r3-fgfx with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →